syzbot


INFO: rcu detected stall in vm_area_alloc

Status: premoderation: reported on 2025/07/10 16:53
Reported-by: syzbot+2d2b9698c22f4bbe09ea@syzkaller.appspotmail.com
First crash: 2d08h, last: 2d08h
Similar bugs (7)

Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | INFO: rcu detected stall in vm_area_alloc (4) bpf | 1 | | | | 1 | 464d | 464d | 0/29 | auto-obsoleted due to no activity on 2024/07/03 04:13
linux-6.1 | INFO: rcu detected stall in vm_area_alloc | 1 | | | | 1 | 106d | 106d | 0/3 | auto-obsoleted due to no activity on 2025/07/06 19:56
upstream | INFO: rcu detected stall in vm_area_alloc (2) kernel | 1 | | | | 1 | 2012d | 2012d | 0/29 | closed as invalid on 2020/01/09 08:13
upstream | INFO: rcu detected stall in vm_area_alloc (3) kernel | 1 | | | | 2 | 562d | 563d | 0/29 | auto-obsoleted due to no activity on 2024/03/27 19:02
upstream | INFO: rcu detected stall in vm_area_alloc kernel | 1 | | | | 3 | 2047d | 2049d | 0/29 | closed as invalid on 2019/12/04 14:04
upstream | INFO: rcu detected stall in vm_area_alloc (6) mm | 1 | syz | error | | 3 | 19d | 43d | 0/29 | upstream: reported syz repro on 2025/05/30 07:37
upstream | INFO: rcu detected stall in vm_area_alloc (5) bpf mm | 1 | | | | 18 | 188d | 309d | 0/29 | auto-obsoleted due to no activity on 2025/04/05 06:19

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8381/1:b..l
rcu: 	(detected by 0, t=10003 jiffies, g=6569, q=3008 ncpus=2)
task:syz-executor    state:R  running task     stack:0     pid:8381  tgid:8381  ppid:281    flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5947 [inline]
 __schedule+0x132b/0x1e00 kernel/sched/core.c:7775
 preempt_schedule_irq+0x9c/0x100 kernel/sched/core.c:8101
 raw_irqentry_exit_cond_resched+0x33/0x40 kernel/entry/common.c:311
 irqentry_exit+0x4a/0x60 kernel/entry/common.c:354
 sysvec_apic_timer_interrupt+0x50/0x90 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
RIP: 0010:stack_trace_consume_entry+0xa/0x2a0 kernel/stacktrace.c:83
Code: 5e 5d c3 cc cc cc cc cc e8 c3 9f 11 04 0f 1f 00 b8 8c dc 16 e6 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 48 83 ec 20 48 ba 00 00 00 00 00 fc ff df 4c
RSP: 0018:ffffc90009af6d50 EFLAGS: 00000257
RAX: ffffffff81d7fe81 RBX: ffffc90009af6e20 RCX: 0000000009af6d00
RDX: ffffc90009af7201 RSI: ffffffff81d7fe81 RDI: ffffc90009af6e20
RBP: ffffc90009af6d58 R08: ffffc90009af6e30 R09: ffffc90009af6e28
R10: 0000000000000000 R11: ffffffff81740900 R12: ffff888121df3900
R13: 1ffff9200135edd8 R14: ffffffff81740900 R15: ffffc90009af6d68
 arch_stack_walk+0x12a/0x170 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x9d/0xe0 kernel/stacktrace.c:122
 save_stack+0xf8/0x1f0 mm/page_owner.c:174
 __reset_page_owner+0x79/0x450 mm/page_owner.c:315
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1321 [inline]
 free_unref_page+0xae5/0xdd0 mm/page_alloc.c:2810
 __free_pages+0x6b/0x3b0 mm/page_alloc.c:5273
 __free_slab+0xb6/0x110 mm/slub.c:2726
 free_slab+0x18/0xf0 mm/slub.c:2749
 discard_slab mm/slub.c:2755 [inline]
 __put_partials+0x11b/0x150 mm/slub.c:3224
 put_cpu_partial+0x91/0xc0 mm/slub.c:3299
 __slab_free+0x1d3/0x2b0 mm/slub.c:4532
 do_slab_free mm/slub.c:4614 [inline]
 ___cache_free+0xc9/0xe0 mm/slub.c:4725
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0xb5/0x130 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x180 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x28/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4164 [inline]
 slab_alloc_node mm/slub.c:4213 [inline]
 kmem_cache_alloc_noprof+0x131/0x3a0 mm/slub.c:4222
 vm_area_alloc+0x3f/0x1a0 kernel/fork.c:451
 __mmap_region mm/mmap.c:1453 [inline]
 mmap_region+0xb89/0x1bc0 mm/mmap.c:1634
 do_mmap+0xb6d/0x13c0 mm/mmap.c:508
 vm_mmap_pgoff+0x38f/0x4e0 mm/util.c:594
 vm_mmap+0x8b/0xc0 mm/util.c:614
 elf_map fs/binfmt_elf.c:382 [inline]
 elf_load+0x3a0/0x1340 fs/binfmt_elf.c:405
 load_elf_binary+0xf88/0x2b40 fs/binfmt_elf.c:1172
 search_binary_handler fs/exec.c:1790 [inline]
 exec_binprm fs/exec.c:1832 [inline]
 bprm_execve+0x6e9/0x1380 fs/exec.c:1884
 do_execveat_common+0x929/0xa80 fs/exec.c:1989
 do_execve fs/exec.c:2063 [inline]
 __do_sys_execve fs/exec.c:2139 [inline]
 __se_sys_execve fs/exec.c:2134 [inline]
 __x64_sys_execve+0x96/0xb0 fs/exec.c:2134
 x64_sys_call+0x12c4/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:60
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f0e3fdc1ff7
RSP: 002b:00007f0e40b54df8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00007ffc83e67ef2 RCX: 00007f0e3fdc1ff7
RDX: 00007ffc83e661f0 RSI: 00007ffc83e66430 RDI: 00007ffc83e67ef2
RBP: 00007f0e40b54e70 R08: 00007f0e40b54f20 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000206 R12: 00007ffc83e66430
R13: 00007ffc83e661f0 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
net_ratelimit: 145855 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
net_ratelimit: 157264 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ae:38:67:88:2c:f1, vlan:0)

Crashes (1):

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/07/10 16:53 | android16-6.12 | 8ea40f524391 | 3cda49cf | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | INFO: rcu detected stall in vm_area_alloc